CVE-2023-30989: 
NixOS vulnerability analysis and mitigation

IBM Performance Tools for i versions 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability identified as CVE-2023-30989. The vulnerability was discovered and reported to IBM by Zoltan Panczel of Silent Signal, and was publicly disclosed on July 16, 2023. This security issue affects the IBM Performance Tools component across multiple versions of the IBM i operating system (IBM Security Bulletin).

The vulnerability has been assigned a CVSS v3.1 Base Score of 7.8 HIGH (NIST) and 8.4 HIGH (IBM) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The vulnerability is characterized by a local attack vector, low attack complexity, requiring low privileges, and no user interaction. The scope is unchanged, but the potential impact is high across confidentiality, integrity, and availability (NVD).

If exploited, this vulnerability allows a malicious actor with command line access to the host operating system to elevate their privileges and gain all object access to the host operating system. This represents a significant security risk as it could allow attackers to gain unauthorized access to sensitive system resources and data (IBM Security Bulletin).

IBM has released fixes for this vulnerability through PTFs (Program Temporary Fixes) for the affected versions. The specific PTF numbers are: SI83383 for v7.5 and v7.4, SI83382 for v7.3, and SI83381 for v7.2. These fixes can be obtained through IBM's support system. IBM recommends that all users running unsupported versions upgrade to supported and fixed versions of affected products (IBM Security Bulletin).